Security shortfall on mobile devices puts businesses at risk, experts warnJun 27, 2012
- 82% of large organisations reported security breaches caused by staff, including 47% who lost or leaked confidential information;
- Only 39% of large organisations encrypt data downloaded to smart phones and tablets;
- 54% of small businesses (38% of large organisations) don’t have a security awareness programme;
- While 52% of small businesses say social networking sites are important to their business, only 8% monitor what their staff post on those sites.
Stuart Marshall, data security expert at PwC in Milton Keynes, said: “With the explosion of new mobile devices and the blurring of lines between work and personal life, organisations are opening their systems up to massive risk. Smart phones and tablet computers are often lost or stolen, with any data on them exposed.”
More than half of small businesses and 38% of large ones do not have a programme for educating staff about security risks. Only one in four respondents with a security policy believe their staff have a very good understanding of it.
Those that have invested in staff awareness training are reaping the benefits – they are four times as likely to have staff who clearly understand the security policy and half as likely to have staff-related security breaches as organisations that don’t train their staff.
Mr Marshall said: “Staff need to know what risks to look out for, how to handle data appropriately and what to do if a breach occurs. Security breaches by staff are often the result of a lack of education about the risks involved and organisations could do more to address this.”
The survey suggests that with their increasing dependence on social networking sites, organisations are targets. Half of the organisations surveyed say they think social networking sites are important to their business, up from only a third two years ago. Yet, controls are not keeping pace.
Mr Marshall said: “Given how important social networks have become over the last few years, it issurprising how little the control techniques used have changed.
"Large organisations – especially in financial services – rely on blocking social media sites rather than monitoring their use, while half of small businesses don’t even have basic web blocking and logging software.”